{"report_id":"6d222905-ac19-4b20-a02e-ccc51d005212","version":6,"status":"done","tags":[],"date":"2025-09-07T21:48:22Z","url":{"schema":"http","addr":"119.3.89.190:8080/apk/elfcast.apk","fqdn":"119.3.89.190","domain":"119.3.89.190","tld":""},"ip":{"addr":"119.3.89.190","port":0,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"http","addr":"119.3.89.190:8080/apk/elfcast.apk","fqdn":"119.3.89.190","domain":"119.3.89.190","tld":""},"ip":{"addr":"119.3.89.190","port":0,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-12T21:48:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-07","alert":"Sinkholed","trigger":"119.3.89.190","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"119.3.89.190","ip":{"addr":"119.3.89.190","port":8080,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":7661670,"sent_data":417,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"69b29a56f21c6d453de38ee656be5f2e","sha1":"b8bc4f8ffaf4f9b110962593458ec00c78b1b077","sha256":"66a71d327f8b49bff581e16fcd485fd223ca6b46e1aab17e2d5b82527feaedd0","sha512":"5ef04be01900eff0fa0a35db37bf9cc001752b536c6485ea3a5f793424475d2008cf29f76a3eb411fe4a030bd8938946fcfbd75927463f262cdf65044f750d8a","magic":"Android package (APK), with zipflinger virtual entry Zip archive data, at least v0.0 to extract, compression method=store","size":7661410,"url":{"schema":"http","addr":"119.3.89.190:8080/apk/elfcast.apk","fqdn":"119.3.89.190","domain":"119.3.89.190","tld":""},"ip":{"addr":"119.3.89.190","port":8080,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"archive":null,"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"119.3.89.190:8080/apk/elfcast.apk","fqdn":"119.3.89.190","domain":"119.3.89.190","tld":""},"ip":{"addr":"119.3.89.190","port":8080,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-07T21:47:57.669Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /apk/elfcast.apk HTTP/1.1\r\nHost: 119.3.89.190:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 07 Sep 2025 21:47:58 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 7661410\r\nLast-Modified: Fri, 17 Jan 2025 02:38:30 GMT\r\nConnection: keep-alive\r\nETag: \"6789c2a6-74e762\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7661410,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Android package (APK), with zipflinger virtual entry Zip archive data, at least v0.0 to extract, compression method=store","md5":"69b29a56f21c6d453de38ee656be5f2e","sha1":"b8bc4f8ffaf4f9b110962593458ec00c78b1b077","sha256":"66a71d327f8b49bff581e16fcd485fd223ca6b46e1aab17e2d5b82527feaedd0","sha512":"5ef04be01900eff0fa0a35db37bf9cc001752b536c6485ea3a5f793424475d2008cf29f76a3eb411fe4a030bd8938946fcfbd75927463f262cdf65044f750d8a","ssdeep":"24576:UDyzne+HDqKWGapNd8gVFEH8jNadFjH53nnAbDM0aKToF8:UDCneoDqKVoXBPUaS53nAbDM079","tlshash":"2b2523458668ba38dc684ce6c4c24fa30f4027e59a515e065d3e2f0b6cd3d0a797af7e","first_seen":"2025-09-07T21:48:27.19073Z","last_seen":"2025-09-07T21:48:27.19073Z","times_seen":1,"resource_available":false,"data":null}},"time_used":5009,"timings":{"blocked":299,"dns":6,"connect":304,"send":0,"wait":304,"receive":4096,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-07","alert":"Sinkholed","trigger":"119.3.89.190","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}